Comment by tzs
5 years ago
For small organizations, even if they are not tracking or doing anything with data that would need to be changed to comply with GDPR, the couple hundred or so Euros a year to comply with Article 27 [1] might be enough for them to block EU access.
If you are not doing anything with the data, you should just not collect it. A newspaper doesn’t need to collect my personal information.
Besides if you don’t have a regular client base in the EEA or you process and collect data only occasionally and on a small scale, you don’t have to appoint a GDPR representative.
In a few words: don’t collect data without permission, don't spy on your users, don’t profile them, don’t process or sell their data without permission, delete all data about them if they ask you to do so, and you’ll be OK.